wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 3 Packages Projects Releases Wiki Activity

fix(auto): use action parser for repair gates
Some checks failed
CD Pipeline / tests (push) Failing after 1m2s
Details
CD Pipeline / build-and-deploy (push) Has been skipped
Details
CD Pipeline / post-deploy-checks (push) Has been skipped
Details
Code Review / ai-code-review (push) Successful in 24s
Details

Browse Source
This commit is contained in:
Your Name
2026-04-30 14:06:09 +08:00
parent 9ee3cc6242
commit ed2a4838f2
11 changed files with 279 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
apps/api/src/api/v1/webhooks.py
View File

@@ -34,6 +34,7 @@ from pydantic import BaseModel, Field
from src.core.config import settings
from src.core.constants import is_cicd_alertname, is_heartbeat_alertname
from src.services.alert_rule_engine import get_incident_type, match_rule
from src.services.action_parser import is_safe_kubectl_action
from src.core.logging import get_logger
from src.core.metrics import record_alert_chain_success
@@ -1059,15 +1060,13 @@ async def receive_alert(
# 設計confidence ≥ 0.85 + 非 CRITICAL + 非破壞性 + 有 kubectl 指令 → 直接執行
# 安全防線CRITICAL / destructive patterns / NO_ACTION/INVESTIGATE/OBSERVE / 空 kubectl → 降級 PENDING
if analysis_result:
from src.services.auto_approve import _DESTRUCTIVE_PATTERNS as _cs1_destr_patterns
_cs1_kubectl = analysis_result.kubectl_command.strip() if analysis_result.kubectl_command else ""
_cs1_can_auto = (
bool(_cs1_kubectl)
and analysis_result.confidence >= 0.85
and risk_level != RiskLevel.CRITICAL
and _sa_val not in _non_destructive_actions
and not any(p in _cs1_kubectl.lower() for p in _cs1_destr_patterns)
and is_safe_kubectl_action(_cs1_kubectl)
)
if _cs1_can_auto:
try:
@@ -1396,15 +1395,13 @@ async def _process_new_alert_background(
# 設計is_rule_based=True 確定性高,滿足條件直接執行,不等人工審核
# 安全防線CRITICAL / destructive patterns / NO_ACTION / 空 kubectl → 全部降級 PENDING
try:
from src.services.auto_approve import _DESTRUCTIVE_PATTERNS
from src.models.approval import ApprovalRequest, ApprovalStatus
from src.services.approval_execution import ApprovalExecutionService
_destructive_set = set(p.lower() for p in _DESTRUCTIVE_PATTERNS)
_can_auto = (
bool(rule_kubectl)
and rule_risk != RiskLevel.CRITICAL
and not any(p in rule_kubectl.lower() for p in _destructive_set)
and is_safe_kubectl_action(rule_kubectl)
and "NO_ACTION" not in rule_action
)
if _can_auto:
@@ -1576,14 +1573,13 @@ async def _process_new_alert_background(
logger.warning("shadow_auto_approve_failed", error=str(_shadow_err_cs3))
# 2026-04-27 Claude Sonnet 4.6: CS3 LLM 高信心自動執行修法3擴展
from src.services.auto_approve import _DESTRUCTIVE_PATTERNS as _cs3_destr_patterns # noqa: PLC0415
_cs3_kubectl = (analysis_result.kubectl_command or "").strip()
_cs3_can_auto = (
bool(_cs3_kubectl)
and analysis_result.confidence >= 0.85
and risk_level != RiskLevel.CRITICAL
and "NO_ACTION" not in (analysis_result.action_title or "")
and not any(p in _cs3_kubectl.lower() for p in _cs3_destr_patterns)
and is_safe_kubectl_action(_cs3_kubectl)
)
if _cs3_can_auto:
try: